If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Comment

I don't think so, the code actually runs on an embedded processor before the OS runs. Even if a driver could be developed for the embedded processor you can't bypass the binary code that runs before the OS boots.

Comment

1: infiltrate Intel labs and take blueprints for x86 and produce CPUs on country where patents do not apply 2: someone should steal this microsoft or any other company secure boot key generator or full source code for these blobs.

Freedom must be gained back with any means, enough of this locking everything.

We already have secure boot keys. Microsoft gave some to a few Linux distros, and they can be used to chainload anything else.

Btw, I thought IME could be disabled in almost all BIOSes, and was infact not enabled by default.

Comment

Fortunately there are enough pre-2009 Thinkpads and BIOS-based workstation PCs on eBay to last me a few more years. And by then, I hope there might be ARM, MIPS, POWER or open-source hardware that is actually fast, works with mainline kernels, and works with a free graphics driver...

1 like

Comment

For now the solution is to stockpile. If a police raid wiped out my stock of pre-2013 AMD hardware, I could have someone not known to the authorities order more over Ebay. Ordering it myself would be more dangerous than using the current hardware as the FBI would then have the option of intercepting hardware going to a known adversary for installation of malicious firmware or chips.

A $3,000 POWER setup is worth more than all my assets. If I could not avoid the newer machines, I would have to split them up: video editing and storage on never-networked machines bought randomly with cash, networking done with other machines using read-only filesystems, destructable media to move files between them. Malicious firmware cannot exfiltrate your disk key over a network if there is no network, and exfil by flash drives to another networked machine is complex enough that mass produced firmware probably would leave it out.

This is important because the NSA had decided to open their database to law enforcement, meaning ALL disfavored activity now has the NSA and not just Secret Service or the FBI as the adversary so far as securing encrypted media and messages is concerned.

Thanks for what amounts to a warning never to use recent x86 boards for any machine that is both encrypted/has read-write storage of sensitive data and networked. An insecure x86 laptop with TAILS plus an airgapped video editor would be tough to defeat even with malicious firmware unless retail machines sold to off the shelf to all buyers had a keylogger writing to disk turned on all the time. That would almost guarantee detection by users of forensic file recovery software.

For now I will keep my old BIOS boards and AMD can keep their replacement for Bulldozer and Phenom until someone cracks their firmware and releases the keys.

Comment

Fortunately there are enough pre-2009 Thinkpads and BIOS-based workstation PCs on eBay to last me a few more years. And by then, I hope there might be ARM, MIPS, POWER or open-source hardware that is actually fast, works with mainline kernels, and works with a free graphics driver...